Microsoft Docs

Virtual Networks Route Table Overview

Introduction

Virtual network route tables allow you to control the flow of network traffic within your Azure virtual network. By default, Azure provides system routes that enable communication between subnets, with on-premises networks, and to the internet. However, in many scenarios, you need to define custom routes to reroute traffic. Route tables enable you to do this by defining custom routes that override the default Azure routes.

This article provides an overview of Azure route tables, how they work, and their key components.

Route Tables

A route table is a collection of routes. You associate a route table with one or more subnets in your virtual network. All network traffic originating from a subnet is subject to the routes defined in the associated route table. A subnet can only have one route table associated with it.

Route tables can be created at the subscription level and then associated with subnets. The routes within a route table apply to all subnets that are associated with it.

Key characteristics of route tables:

  • They enable you to define custom routing behavior.
  • They can override default Azure system routes.
  • They are associated with subnets.
  • A subnet can have only one route table.

Routes

A route is a single entry within a route table. Each route defines a destination prefix (a CIDR block) and a next hop. When traffic leaves a subnet, Azure looks for a route in the associated route table whose destination prefix matches the traffic's destination IP address. If a match is found, Azure forwards the traffic to the specified next hop.

A route consists of the following properties:

  • Address prefix: The destination IP address range in CIDR notation. For example, 10.1.0.0/16.
  • Next hop type: The type of destination where traffic is sent. Possible values include:
    • VirtualAppliance: Traffic is sent to a network virtual appliance (NVA) such as a firewall or WAN accelerator.
    • VirtualNetworkGateway: Traffic is sent to an Azure VPN gateway or Azure ExpressRoute gateway.
    • VnetLocal: Traffic stays within the virtual network and is delivered to the destination subnet directly.
    • Internet: Traffic is sent directly to the internet.
    • None: Traffic is dropped.
  • Next hop address: The IP address of the next hop. This is required when the Next hop type is VirtualAppliance. For VirtualNetworkGateway it is not set, because Azure resolves the gateway address itself (see Scenario 2 below).

Azure automatically adds a route with the address prefix 0.0.0.0/0 and a Next hop type of Internet to every route table. You can override it with a custom route for the same prefix (Scenario 1 below does exactly this to send internet-bound traffic through a firewall).
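The following script is an added illustration of the lookup described above, not Azure's implementation or code from this article. It assumes (my assumptions, not stated on the page) that Azure selects the matching route with the longest address prefix, and that a custom route with the same prefix as a system route wins over the system route. The route table, the virtual network address space (10.0.0.0/16) and the destination addresses are constructed samples; the table uses the same JSON shape as the scenarios later in this article.

```python
"""Simulate how a subnet's route table picks a next hop for outbound traffic.

Added illustration, not Azure's implementation.  Assumptions (mine):
longest-prefix match wins, and a custom route beats a system route with the
same prefix.  All data below is constructed sample data.
"""
import ipaddress

# Constructed sample route table, in the same shape as the article's JSON examples.
ROUTE_TABLE = {
    "name": "SampleTable",
    "type": "Microsoft.Network/routeTables",
    "properties": {
        "routes": [
            {"name": "ToFirewall",
             "properties": {"addressPrefix": "0.0.0.0/0",
                            "nextHopType": "VirtualAppliance",
                            "nextHopIpAddress": "10.0.2.4"}},
            {"name": "ToOnPrem",
             "properties": {"addressPrefix": "192.168.1.0/24",
                            "nextHopType": "VirtualNetworkGateway"}},
            {"name": "DropRange",
             "properties": {"addressPrefix": "203.0.113.0/24",
                            "nextHopType": "None"}},
        ]
    },
}

VNET_ADDRESS_SPACE = "10.0.0.0/16"  # constructed sample VNet address space


def system_routes(vnet_prefix):
    """The default routes the article describes: traffic for the VNet address
    space stays local (VnetLocal) and 0.0.0.0/0 goes to the Internet.
    They carry system=True so a custom route can override them."""
    return [
        {"name": "system-vnet", "system": True,
         "properties": {"addressPrefix": vnet_prefix, "nextHopType": "VnetLocal"}},
        {"name": "system-internet", "system": True,
         "properties": {"addressPrefix": "0.0.0.0/0", "nextHopType": "Internet"}},
    ]


def select_route(route_table, vnet_prefix, destination):
    """Return the route that applies to `destination`, or None if nothing matches."""
    dest = ipaddress.ip_address(destination)
    candidates = []
    for route in system_routes(vnet_prefix) + route_table["properties"]["routes"]:
        network = ipaddress.ip_network(route["properties"]["addressPrefix"], strict=False)
        if dest in network:
            # Sort key: longer prefix first, then custom (non-system) before system.
            candidates.append((network.prefixlen, not route.get("system", False), route))
    if not candidates:
        return None
    candidates.sort(key=lambda c: (c[0], c[1]), reverse=True)
    return candidates[0][2]


def next_hop(route_table, vnet_prefix, destination):
    """Summarise the selected route as (route name, next hop type, next hop IP or None)."""
    route = select_route(route_table, vnet_prefix, destination)
    if route is None:
        return None
    props = route["properties"]
    return (route["name"], props["nextHopType"], props.get("nextHopIpAddress"))


if __name__ == "__main__":
    for dst in ("10.0.5.7", "192.168.1.10", "203.0.113.9", "8.8.8.8"):
        print(dst, "->", next_hop(ROUTE_TABLE, VNET_ADDRESS_SPACE, dst))
```

Running the script shows the four cases that matter in practice: VNet-internal traffic keeps the VnetLocal system route because /16 is more specific than the custom 0.0.0.0/0; traffic for the on-premises prefix goes to the gateway; the None route silently drops its range; and everything else is pulled off the system Internet route onto the firewall appliance. Passing an empty route table instead shows the same public destination falling back to the system Internet route.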

Route Table Propagation

When you create or update a route table, the changes are propagated to all associated subnets. This propagation typically takes a few seconds.

Additionally, routes learned from connected networks, such as on-premises networks connected via VPN Gateway or ExpressRoute, are also propagated to the route table. These learned routes can also influence traffic flow.

Route Table Examples

Here are a couple of common scenarios where route tables are useful:

Scenario 1: Forcing internet traffic through a firewall appliance

You can configure a route table to force all outbound internet traffic from your subnets to go through a network virtual appliance (NVA) acting as a firewall.

Route Table: FirewallTraffic

The nextHopIpAddress (10.0.2.4 in this example) is the private IP address of your firewall NVA.

{
  "name": "FirewallTraffic",
  "type": "Microsoft.Network/routeTables",
  "properties": {
    "routes": [
      {
        "name": "ToFirewall",
        "properties": {
          "addressPrefix": "0.0.0.0/0",
          "nextHopType": "VirtualAppliance",
          "nextHopIpAddress": "10.0.2.4"
        }
      }
    ]
  }
}

Scenario 2: Directing specific traffic to an ExpressRoute gateway

You might want to send traffic destined for your on-premises network through an ExpressRoute gateway.

Route Table: OnPremTraffic

The addressPrefix (192.168.1.0/24 here) is your on-premises network CIDR. The nextHopIpAddress property is omitted because the VirtualNetworkGateway next hop type does not use it.

{
  "name": "OnPremTraffic",
  "type": "Microsoft.Network/routeTables",
  "properties": {
    "routes": [
      {
        "name": "ToExpressRoute",
        "properties": {
          "addressPrefix": "192.168.1.0/24",
          "nextHopType": "VirtualNetworkGateway"
        }
      }
    ]
  }
}

The IP address for VirtualNetworkGateway is automatically resolved by Azure.

Resource Manager Templates

You can define and deploy route tables and their associated routes using Azure Resource Manager (ARM) templates for automation and consistency. This allows you to manage your network infrastructure as code.

The structure in the examples above can be directly used within an ARM template deployment.
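As an added example, not Microsoft's tooling or code from this article, the script below generates a strict-JSON ARM template carrying the two scenario route tables above, while enforcing the next-hop rules this article states: a VirtualAppliance route must carry nextHopIpAddress, and other next hop types must not. Assumptions of mine: the apiVersion value is one I believe exists for Microsoft.Network but you should align it with the API version your deployment uses, the $schema URL is the standard deployment template schema, and the location "eastus" is a constructed sample.

```python
"""Generate a strict-JSON ARM template for the article's two route tables.

Added illustration, not Microsoft's tooling.  Assumptions (mine): API_VERSION
should be checked against the Microsoft.Network API version you deploy with,
and the default location is a constructed sample.
"""
import ipaddress
import json

API_VERSION = "2023-04-01"  # assumption: verify against your target API version
TEMPLATE_SCHEMA = "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#"
NEXT_HOP_TYPES = {"VirtualAppliance", "VirtualNetworkGateway", "VnetLocal", "Internet", "None"}


def route_entry(name, address_prefix, next_hop_type, next_hop_ip=None):
    """Build one route object, enforcing the next-hop rules the article describes."""
    if next_hop_type not in NEXT_HOP_TYPES:
        raise ValueError(f"{name}: unknown nextHopType {next_hop_type!r}")
    ipaddress.ip_network(address_prefix, strict=False)  # raises ValueError on a bad CIDR
    props = {"addressPrefix": address_prefix, "nextHopType": next_hop_type}
    if next_hop_type == "VirtualAppliance":
        if not next_hop_ip:
            raise ValueError(f"{name}: VirtualAppliance routes need nextHopIpAddress")
        props["nextHopIpAddress"] = str(ipaddress.ip_address(next_hop_ip))
    elif next_hop_ip:
        # Azure resolves the gateway address itself, so an explicit IP here is a mistake.
        raise ValueError(f"{name}: nextHopIpAddress applies only to VirtualAppliance routes")
    return {"name": name, "properties": props}


def check_route(name, address_prefix, next_hop_type, next_hop_ip=None):
    """Return an error message for a bad route spec, or None if it is acceptable."""
    try:
        route_entry(name, address_prefix, next_hop_type, next_hop_ip)
    except ValueError as exc:
        return str(exc)
    return None


def route_table_resource(name, location, routes, api_version=API_VERSION):
    """Wrap routes in a Microsoft.Network/routeTables resource with the fields
    a template resource needs beyond the article's fragments (apiVersion, location)."""
    return {
        "type": "Microsoft.Network/routeTables",
        "apiVersion": api_version,
        "name": name,
        "location": location,
        "properties": {"routes": list(routes)},
    }


def build_template(resources):
    """Minimal deployment template envelope around the given resources."""
    return {"$schema": TEMPLATE_SCHEMA, "contentVersion": "1.0.0.0", "resources": list(resources)}


def scenario_template(location="eastus"):
    """Scenario 1 and Scenario 2 from the article as one template."""
    firewall = route_table_resource("FirewallTraffic", location, [
        route_entry("ToFirewall", "0.0.0.0/0", "VirtualAppliance", "10.0.2.4"),
    ])
    onprem = route_table_resource("OnPremTraffic", location, [
        route_entry("ToExpressRoute", "192.168.1.0/24", "VirtualNetworkGateway"),
    ])
    return build_template([firewall, onprem])


def render(doc):
    """Serialise to strict JSON and parse it back to prove the output is clean."""
    text = json.dumps(doc, indent=2)
    if json.loads(text) != doc:
        raise ValueError("template did not survive a JSON round trip")
    return text


if __name__ == "__main__":
    print(render(scenario_template()))
```

Because route_entry refuses a VirtualAppliance route with no IP and an explicit IP on any other next hop type, mistakes such as a null nextHopIpAddress on a gateway route or a forgotten appliance address are caught before the template reaches a deployment, where they would otherwise surface only as a failed or misrouting deployment.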

Conclusion

Azure route tables are a powerful feature for customizing network traffic flow within your virtual networks. By understanding how to define routes and associate them with subnets, you can implement complex network topologies, enhance security, and optimize performance.

Consider using route tables whenever you need to:

  • Send traffic through a network virtual appliance (NVA).
  • Control traffic flow to on-premises networks.
  • Block or redirect specific traffic patterns.

Always test your routing configurations thoroughly to ensure that traffic flows as expected and that no unintended network disruptions occur.